#DockerEngine

You should probably fix this 5-year-old critical Docker vuln fairly sharpish

July 25, 2024 by Xynik

July 25, 2024 at 09:49AM Docker warns users to patch their Docker Engine due to a critical vulnerability (CVE-2024-41110) present for five years. This bug allows attackers to exploit authorization plugins, potentially leading to privilege escalation and unintended commands execution. While the likelihood of exploitation is low, the severity score is high, and affected users … Read more

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

July 25, 2024 by Xynik

July 25, 2024 at 01:57AM Docker warns of a critical vulnerability (CVE-2024-41110) in certain versions of Docker Engine, allowing attackers to bypass authorization plugins with maximum severity. It was regressed since 2018 but resolved in versions 23.0.14 and 27.1.0. Docker Desktop up to 4.32.0 is affected, with a fix expected in the next release. Users … Read more